CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely.
A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication.
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely.
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication.
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input
HTML Injection
in the WiFi settings of the dashboard leads to html injection.A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26254. Reason: This candidate is a reservation duplicate of CVE-2022-26254. Notes: All CVE users should reference CVE-2022-26254 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.